rustyhancock 4 hours ago

I know this is a crazy take. But I do feel so downtrodden by many, many tech corps these days that I find it hard not to have a smidge of satisfaction for this guy pointing out the colossal favour research developers do for them by responsible disclosure.

That said, I feel bad for the inevitable victims of exploitation, and also I am certain he will end up criminalized or, as per usual, the law will enforce a large corp's will against him.

Yes. Definitely a Friday night after a hard week take.

matheusmoreira 8 minutes ago

Nothing crazy about it. Crazy is feeling sorry for the trillion dollar corporation. Don't let anyone tell you otherwise.

The right thing is immediate publication of all exploits, zero liability for the researcher who's just doing a public service and maximum liability for the corporation whose criminal negligence enabled the exploits to begin with.

thot_experiment an hour ago

Naw, totally agree. We need way more robust protections for security researchers and way harsher penalties for corpos doing bullshit; it should be a percentage of revenue.

We have way too much fuck around these days and not nearly enough find out.

vorpalhex 2 hours ago

Microsoft chose to run a shoddy bounty program. The researcher tried to do the right thing.

Microsoft could have prevented this. They were warned. It's their own fault.

The exploit exists whether or not the researcher reports it. They didn't make the exploit.